Hi,
First, let me apologize for forgetting to attach the patch. It's
attached to this mail. :)
On Mon, Dec 15, 2008 at 2:41 AM, Cem Kayali
<cemkayali%eticaret.com.tr@localhost> wrote:
> Hi,
>
>
> - Machine has already been up and I enabled veriexec by '/etc/rc.d/veriexec
> start' just after inserting veriexec=yes into rc.conf
>
> - I edited veriexec sysctl parameters and they are as:
> kern.veriexec.verbose = 1
> kern.veriexec.strict = 2
> kern.veriexec.algorithms = RMD160 SHA256 SHA384 SHA512 SHA1 MD5
>
> - I did following operations:
> localhost# cd /usr/pkg/bin
> localhost# cp kasteroids kasteroids.org
> localhost# rm -rf kasteroids
> localhost# cp katomic kasteroids
>
> - I tried to run ./kasteroids and it launched (it actually started katomic!)
>
> - Signature file:
> localhost# grep kasteroids /etc/signatures
> /usr/pkg/bin/kasteroids SHA512 3ca3929b49cff9eafdb2d644..................
>
> - Original checksum:
> localhost# cksum -a sha512 /usr/pkg/bin/kasteroids
> SHA512 (/usr/pkg/bin/kasteroids) = e2073b3f71885530cab84865f..............
>
> - /var/log/messages does not contain any error message.
>
>
> I really surprised nobody untill now has noticed the problem -if there is a
> problem really. This is 4.99.7X amd64 machine. Maybe problem is within 64
> bit systems.
My tests are done on amd64 as well, so that is not the issue.
Perhaps your signatures file isn't loaded properly? can you try running
veriexecctl query /usr/pkg/bin/kasteroids
and show me the output? if it will indicate the fingerprint
mismatches, and you are able to overwrite/delete/run it, then we have
a problem!
Thanks,
-e.
Attachment:
kern_verifiedexec.c.diff
Description: Binary data